cvelistv5 - cve-2019-11993

CVE-2019-11993 (GCVE-0-2019-11993)

Vulnerability from cvelistv5 – Published: 2020-01-03 17:18 – Updated: 2024-08-04 23:10

Summary

A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061675&withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.

Severity ?

No CVSS data available.

CWE

remote creation and deletion of arbitrary files; remote creation and deletion of arbitrary files

Assigner

hpe

References

URL

Tags

https://support.hpe.com/hpsc/doc/public/display?d…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	SimpliVity OmniCube; HPE SimpliVity 380 Gen9; HPE SimpliVity 380 Gen9; HPE SimpliVity 380 Gen10; HPE SimpliVity 380 Gen10 G; SimpliVity OmniStack for Lenovo; SimpliVity OmniStack for Cisco; SimpliVity OmniStack for Dell; HPE SimpliVity 2600 Gen10	Affected: releases from 3.0.8 to 3.7.9 Affected: releases from 3.6.2 to 3.7.9 Affected: releases from 3.7.1 to 3.7.9 Affected: releases from 3.7.8 to 3.7.9 Affected: releases from 3.7.5 to 3.7.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:10:30.154Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SimpliVity OmniCube; HPE SimpliVity 380 Gen9; HPE SimpliVity 380 Gen9; HPE SimpliVity 380 Gen10; HPE SimpliVity 380 Gen10 G; SimpliVity OmniStack for Lenovo; SimpliVity OmniStack for Cisco; SimpliVity OmniStack for Dell; HPE SimpliVity 2600 Gen10",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "releases from 3.0.8 to 3.7.9"
            },
            {
              "status": "affected",
              "version": "releases from 3.6.2 to 3.7.9"
            },
            {
              "status": "affected",
              "version": "releases from 3.7.1 to 3.7.9"
            },
            {
              "status": "affected",
              "version": "releases from 3.7.8 to 3.7.9"
            },
            {
              "status": "affected",
              "version": "releases from 3.7.5 to 3.7.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=mmr_sf-EN_US000061675\u0026withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote creation and deletion of arbitrary files; remote creation and deletion of arbitrary files",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-03T17:18:03",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2019-11993",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SimpliVity OmniCube; HPE SimpliVity 380 Gen9; HPE SimpliVity 380 Gen9; HPE SimpliVity 380 Gen10; HPE SimpliVity 380 Gen10 G; SimpliVity OmniStack for Lenovo; SimpliVity OmniStack for Cisco; SimpliVity OmniStack for Dell; HPE SimpliVity 2600 Gen10",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "releases from 3.0.8 to 3.7.9"
                          },
                          {
                            "version_value": "releases from 3.6.2 to 3.7.9"
                          },
                          {
                            "version_value": "releases from 3.7.1 to 3.7.9"
                          },
                          {
                            "version_value": "releases from 3.7.8 to 3.7.9"
                          },
                          {
                            "version_value": "releases from 3.0.8 to 3.7.9"
                          },
                          {
                            "version_value": "releases from 3.0.8 to 3.7.9"
                          },
                          {
                            "version_value": "releases from 3.0.8 to 3.7.9"
                          },
                          {
                            "version_value": "releases from 3.7.5 to 3.7.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=mmr_sf-EN_US000061675\u0026withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote creation and deletion of arbitrary files; remote creation and deletion of arbitrary files"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us",
              "refsource": "MISC",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2019-11993",
    "datePublished": "2020-01-03T17:18:03",
    "dateReserved": "2019-05-13T00:00:00",
    "dateUpdated": "2024-08-04T23:10:30.154Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:simplivity_380_gen9_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.6.2\", \"versionEndIncluding\": \"3.7.9\", \"matchCriteriaId\": \"5D8895FB-E79D-4F9F-AE39-C5D4FC233A22\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:simplivity_380_gen9:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F05331F2-DF6B-4CD3-9BA4-B97A34746509\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:simplivity_380_gen10_g_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.7.8\", \"versionEndIncluding\": \"3.7.9\", \"matchCriteriaId\": \"FA92DF3E-4DC5-4EA5-BF9E-C14AAAE927DB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:simplivity_380_gen10_g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C077CA8B-F758-4D35-BFBA-9350586BBB91\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:simplivity_380_gen10_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.7.1\", \"versionEndIncluding\": \"3.7.9\", \"matchCriteriaId\": \"5EF16E95-8FC7-4ADB-B563-FEDEF57B3E31\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:simplivity_380_gen10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFA60F7D-DD77-4DED-B13B-C59025FCF3A2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:simplivity_2600_gen10_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.7.5\", \"versionEndIncluding\": \"3.7.9\", \"matchCriteriaId\": \"5EC67607-F4ED-42C9-A3A0-AF70DF7D22A0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:simplivity_2600_gen10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"925D2865-2208-4604-828A-A257138D11F7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:simplivity_omnicube_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.8\", \"versionEndIncluding\": \"3.7.9\", \"matchCriteriaId\": \"717794CF-16D1-4CE8-9369-6E7F7AEE22BC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:simplivity_omnicube:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F8DC2EE-7577-458A-924D-4D97B2AEBB2C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:simplivity_omnistack_for_dell_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.8\", \"versionEndIncluding\": \"3.7.9\", \"matchCriteriaId\": \"3D2A4CF2-3641-42D0-9B87-60572959BEEB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:simplivity_omnistack_for_dell:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D42E762-1B52-4423-A127-037BDD32DDFB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:simplivity_omnistack_for_cisco_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.8\", \"versionEndIncluding\": \"3.7.9\", \"matchCriteriaId\": \"E7DED836-2881-4696-A7F8-CC1AFB8249AC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:simplivity_omnistack_for_cisco:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C762E2AF-0AB6-4E0E-AF17-D38382A03707\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:simplivity_omnistack_for_lenovo_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.8\", \"versionEndIncluding\": \"3.7.9\", \"matchCriteriaId\": \"269491A5-4849-4008-9425-1FB27B372DFF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:simplivity_omnistack_for_lenovo:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B11151D-42BB-4254-8E73-A5EE42F3F487\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=mmr_sf-EN_US000061675\u0026withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.\"}, {\"lang\": \"es\", \"value\": \"Ha sido identificada una vulnerabilidad de seguridad en HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack para Cisco, SimpliVity OmniStack para Lenovo y SimpliVity OmniStack para nodos Dell. Dos API ahora en desuso ejecutadas como root, aceptan una ruta de nombre de archivo y pueden ser usadas para crear o eliminar archivos arbitrarios en los nodos. Estas API no requieren autenticaci\\u00f3n de usuario y son accesibles a trav\\u00e9s de la red de administraci\\u00f3n, resultando en vulnerabilidades de disponibilidad e integridad remotas para todos los clientes que ejecutan HPE OmniStack versi\\u00f3n 3.7.9 y anteriores. HPE recomienda actualizar el software OmniStack a la versi\\u00f3n 3.7.10 o posterior, que contiene una resoluci\\u00f3n permanente. Los clientes y socios que pueden actualizar a la versi\\u00f3n 3.7.10 deben actualizar lo m\\u00e1s pronto posible. Para todos los clientes y socios que no pueden actualizar sus entornos a la versi\\u00f3n recomendada 3.7.10, HPE ha creado una Soluci\\u00f3n Temporal https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026amp;docId=mmr_sf-EN_US000061675\u0026amp;withFrame para que la implementen. Todos los clientes deben actualizar a la versi\\u00f3n 3.7.10 o posterior recomendada lo m\\u00e1s pronto posible.\"}]",
      "id": "CVE-2019-11993",
      "lastModified": "2024-11-21T04:22:07.477",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:C/A:C\", \"baseScore\": 9.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 9.2, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-01-03T18:15:09.640",
      "references": "[{\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us\", \"source\": \"security-alert@hpe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-alert@hpe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-11993\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2020-01-03T18:15:09.640\",\"lastModified\":\"2024-11-21T04:22:07.477\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=mmr_sf-EN_US000061675\u0026withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.\"},{\"lang\":\"es\",\"value\":\"Ha sido identificada una vulnerabilidad de seguridad en HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack para Cisco, SimpliVity OmniStack para Lenovo y SimpliVity OmniStack para nodos Dell. Dos API ahora en desuso ejecutadas como root, aceptan una ruta de nombre de archivo y pueden ser usadas para crear o eliminar archivos arbitrarios en los nodos. Estas API no requieren autenticaci\u00f3n de usuario y son accesibles a trav\u00e9s de la red de administraci\u00f3n, resultando en vulnerabilidades de disponibilidad e integridad remotas para todos los clientes que ejecutan HPE OmniStack versi\u00f3n 3.7.9 y anteriores. HPE recomienda actualizar el software OmniStack a la versi\u00f3n 3.7.10 o posterior, que contiene una resoluci\u00f3n permanente. Los clientes y socios que pueden actualizar a la versi\u00f3n 3.7.10 deben actualizar lo m\u00e1s pronto posible. Para todos los clientes y socios que no pueden actualizar sus entornos a la versi\u00f3n recomendada 3.7.10, HPE ha creado una Soluci\u00f3n Temporal https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026amp;docId=mmr_sf-EN_US000061675\u0026amp;withFrame para que la implementen. Todos los clientes deben actualizar a la versi\u00f3n 3.7.10 o posterior recomendada lo m\u00e1s pronto posible.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:C/A:C\",\"baseScore\":9.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":9.2,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:simplivity_380_gen9_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.6.2\",\"versionEndIncluding\":\"3.7.9\",\"matchCriteriaId\":\"5D8895FB-E79D-4F9F-AE39-C5D4FC233A22\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:simplivity_380_gen9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F05331F2-DF6B-4CD3-9BA4-B97A34746509\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:simplivity_380_gen10_g_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.7.8\",\"versionEndIncluding\":\"3.7.9\",\"matchCriteriaId\":\"FA92DF3E-4DC5-4EA5-BF9E-C14AAAE927DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:simplivity_380_gen10_g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C077CA8B-F758-4D35-BFBA-9350586BBB91\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:simplivity_380_gen10_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.7.1\",\"versionEndIncluding\":\"3.7.9\",\"matchCriteriaId\":\"5EF16E95-8FC7-4ADB-B563-FEDEF57B3E31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:simplivity_380_gen10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFA60F7D-DD77-4DED-B13B-C59025FCF3A2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:simplivity_2600_gen10_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.7.5\",\"versionEndIncluding\":\"3.7.9\",\"matchCriteriaId\":\"5EC67607-F4ED-42C9-A3A0-AF70DF7D22A0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:simplivity_2600_gen10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"925D2865-2208-4604-828A-A257138D11F7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:simplivity_omnicube_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.8\",\"versionEndIncluding\":\"3.7.9\",\"matchCriteriaId\":\"717794CF-16D1-4CE8-9369-6E7F7AEE22BC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:simplivity_omnicube:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F8DC2EE-7577-458A-924D-4D97B2AEBB2C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:simplivity_omnistack_for_dell_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.8\",\"versionEndIncluding\":\"3.7.9\",\"matchCriteriaId\":\"3D2A4CF2-3641-42D0-9B87-60572959BEEB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:simplivity_omnistack_for_dell:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D42E762-1B52-4423-A127-037BDD32DDFB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:simplivity_omnistack_for_cisco_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.8\",\"versionEndIncluding\":\"3.7.9\",\"matchCriteriaId\":\"E7DED836-2881-4696-A7F8-CC1AFB8249AC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:simplivity_omnistack_for_cisco:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C762E2AF-0AB6-4E0E-AF17-D38382A03707\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:simplivity_omnistack_for_lenovo_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.8\",\"versionEndIncluding\":\"3.7.9\",\"matchCriteriaId\":\"269491A5-4849-4008-9425-1FB27B372DFF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:simplivity_omnistack_for_lenovo:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B11151D-42BB-4254-8E73-A5EE42F3F487\"}]}]}],\"references\":[{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-8F22-PCX4-9XQM

Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2022-05-24 17:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-11993"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-03T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=mmr_sf-EN_US000061675\u0026withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.",
  "id": "GHSA-8f22-pcx4-9xqm",
  "modified": "2022-05-24T17:05:30Z",
  "published": "2022-05-24T17:05:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11993"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2020-04654

Vulnerability from cnvd - Published: 2020-02-11

Title

多款HPE产品存在未明漏洞

Description

HPE SimpliVity 380 Gen 9等都是美国惠普企业公司（Hewlett Packard Enterprise，HPE）的一款服务器。多款HPE产品中存在安全漏洞。攻击者可利用该漏洞创建并删除任意文件。

Severity

高

Patch Name

多款HPE产品存在未明漏洞的补丁

Patch Description

HPE SimpliVity 380 Gen 9等都是美国惠普企业公司（Hewlett Packard Enterprise，HPE）的一款服务器。多款HPE产品中存在安全漏洞。攻击者可利用该漏洞创建并删除任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03955en_us

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-11993

Impacted products

Name
['HP SimpliVity 380 Gen9 >=3.6.2，<=3.7.9', 'HP SimpliVity 380 Gen10 G >=3.7.8，<=3.7.9', 'HP SimpliVity 2600 Gen10 >=3.7.5，<=3.7.9', 'HP SimpliVity OmniCube >=3.0.8，<=3.7.9', 'HP SimpliVity OmniStack for Cisco >=3.0.8，<=3.7.9', 'HP SimpliVity OmniStack for Lenovo >=3.0.8，<=3.7.9', 'HP SimpliVity OmniStack for Dell >=3.0.8，<=3.7.9']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-11993"
    }
  },
  "description": "HPE SimpliVity 380 Gen 9\u7b49\u90fd\u662f\u7f8e\u56fd\u60e0\u666e\u4f01\u4e1a\u516c\u53f8\uff08Hewlett Packard Enterprise\uff0cHPE\uff09\u7684\u4e00\u6b3e\u670d\u52a1\u5668\u3002\n\n\u591a\u6b3eHPE\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u521b\u5efa\u5e76\u5220\u9664\u4efb\u610f\u6587\u4ef6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-04654",
  "openTime": "2020-02-11",
  "patchDescription": "HPE SimpliVity 380 Gen 9\u7b49\u90fd\u662f\u7f8e\u56fd\u60e0\u666e\u4f01\u4e1a\u516c\u53f8\uff08Hewlett Packard Enterprise\uff0cHPE\uff09\u7684\u4e00\u6b3e\u670d\u52a1\u5668\u3002\r\n\r\n\u591a\u6b3eHPE\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u521b\u5efa\u5e76\u5220\u9664\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eHPE\u4ea7\u54c1\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "HP SimpliVity 380 Gen9 \u003e=3.6.2\uff0c\u003c=3.7.9",
      "HP SimpliVity 380 Gen10 G \u003e=3.7.8\uff0c\u003c=3.7.9",
      "HP SimpliVity 2600 Gen10 \u003e=3.7.5\uff0c\u003c=3.7.9",
      "HP SimpliVity OmniCube \u003e=3.0.8\uff0c\u003c=3.7.9",
      "HP SimpliVity OmniStack for Cisco \u003e=3.0.8\uff0c\u003c=3.7.9",
      "HP SimpliVity OmniStack for Lenovo \u003e=3.0.8\uff0c\u003c=3.7.9",
      "HP SimpliVity OmniStack for Dell \u003e=3.0.8\uff0c\u003c=3.7.9"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-11993",
  "serverity": "\u9ad8",
  "submitTime": "2020-01-07",
  "title": "\u591a\u6b3eHPE\u4ea7\u54c1\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

GSD-2019-11993

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Aliases

CVE-2019-11993

Aliases

CVE-2019-11993

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-11993",
    "description": "A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=mmr_sf-EN_US000061675\u0026withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.",
    "id": "GSD-2019-11993"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-11993"
      ],
      "details": "A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=mmr_sf-EN_US000061675\u0026withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.",
      "id": "GSD-2019-11993",
      "modified": "2023-12-13T01:24:01.754345Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-alert@hpe.com",
        "ID": "CVE-2019-11993",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SimpliVity OmniCube; HPE SimpliVity 380 Gen9; HPE SimpliVity 380 Gen9; HPE SimpliVity 380 Gen10; HPE SimpliVity 380 Gen10 G; SimpliVity OmniStack for Lenovo; SimpliVity OmniStack for Cisco; SimpliVity OmniStack for Dell; HPE SimpliVity 2600 Gen10",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "releases from 3.0.8 to 3.7.9"
                        },
                        {
                          "version_value": "releases from 3.6.2 to 3.7.9"
                        },
                        {
                          "version_value": "releases from 3.7.1 to 3.7.9"
                        },
                        {
                          "version_value": "releases from 3.7.8 to 3.7.9"
                        },
                        {
                          "version_value": "releases from 3.0.8 to 3.7.9"
                        },
                        {
                          "version_value": "releases from 3.0.8 to 3.7.9"
                        },
                        {
                          "version_value": "releases from 3.0.8 to 3.7.9"
                        },
                        {
                          "version_value": "releases from 3.7.5 to 3.7.9"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=mmr_sf-EN_US000061675\u0026withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "remote creation and deletion of arbitrary files; remote creation and deletion of arbitrary files"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us",
            "refsource": "MISC",
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_380_gen9_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_380_gen9:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_380_gen10_g_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.7.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_380_gen10_g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_380_gen10_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.7.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_380_gen10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_2600_gen10_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.7.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_2600_gen10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_omnicube_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.0.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_omnicube:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_omnistack_for_dell_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.0.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_omnistack_for_dell:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_omnistack_for_cisco_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.0.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_omnistack_for_cisco:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_omnistack_for_lenovo_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.0.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_omnistack_for_lenovo:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2019-11993"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=mmr_sf-EN_US000061675\u0026withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.4,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 9.2,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-01-21T20:41Z",
      "publishedDate": "2020-01-03T18:15Z"
    }
  }
}

FKIE_CVE-2019-11993

Vulnerability from fkie_nvd - Published: 2020-01-03 18:15 - Updated: 2024-11-21 04:22

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	security-alert@hpe.com	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03955en_us	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03955en_us	Vendor Advisory

Impacted products

Vendor	Product	Version
hp	simplivity_380_gen9_firmware	*
hp	simplivity_380_gen9	-
hp	simplivity_380_gen10_g_firmware	*
hp	simplivity_380_gen10_g	-
hp	simplivity_380_gen10_firmware	*
hp	simplivity_380_gen10	-
hp	simplivity_2600_gen10_firmware	*
hp	simplivity_2600_gen10	-
hp	simplivity_omnicube_firmware	*
hp	simplivity_omnicube	-
hp	simplivity_omnistack_for_dell_firmware	*
hp	simplivity_omnistack_for_dell	-
hp	simplivity_omnistack_for_cisco_firmware	*
hp	simplivity_omnistack_for_cisco	-
hp	simplivity_omnistack_for_lenovo_firmware	*
hp	simplivity_omnistack_for_lenovo	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:simplivity_380_gen9_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8895FB-E79D-4F9F-AE39-C5D4FC233A22",
              "versionEndIncluding": "3.7.9",
              "versionStartIncluding": "3.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:simplivity_380_gen9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F05331F2-DF6B-4CD3-9BA4-B97A34746509",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:simplivity_380_gen10_g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA92DF3E-4DC5-4EA5-BF9E-C14AAAE927DB",
              "versionEndIncluding": "3.7.9",
              "versionStartIncluding": "3.7.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:simplivity_380_gen10_g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C077CA8B-F758-4D35-BFBA-9350586BBB91",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:simplivity_380_gen10_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EF16E95-8FC7-4ADB-B563-FEDEF57B3E31",
              "versionEndIncluding": "3.7.9",
              "versionStartIncluding": "3.7.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:simplivity_380_gen10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA60F7D-DD77-4DED-B13B-C59025FCF3A2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:simplivity_2600_gen10_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EC67607-F4ED-42C9-A3A0-AF70DF7D22A0",
              "versionEndIncluding": "3.7.9",
              "versionStartIncluding": "3.7.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:simplivity_2600_gen10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "925D2865-2208-4604-828A-A257138D11F7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:simplivity_omnicube_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "717794CF-16D1-4CE8-9369-6E7F7AEE22BC",
              "versionEndIncluding": "3.7.9",
              "versionStartIncluding": "3.0.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:simplivity_omnicube:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F8DC2EE-7577-458A-924D-4D97B2AEBB2C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:simplivity_omnistack_for_dell_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D2A4CF2-3641-42D0-9B87-60572959BEEB",
              "versionEndIncluding": "3.7.9",
              "versionStartIncluding": "3.0.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:simplivity_omnistack_for_dell:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D42E762-1B52-4423-A127-037BDD32DDFB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:simplivity_omnistack_for_cisco_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7DED836-2881-4696-A7F8-CC1AFB8249AC",
              "versionEndIncluding": "3.7.9",
              "versionStartIncluding": "3.0.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:simplivity_omnistack_for_cisco:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C762E2AF-0AB6-4E0E-AF17-D38382A03707",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:simplivity_omnistack_for_lenovo_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "269491A5-4849-4008-9425-1FB27B372DFF",
              "versionEndIncluding": "3.7.9",
              "versionStartIncluding": "3.0.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:simplivity_omnistack_for_lenovo:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B11151D-42BB-4254-8E73-A5EE42F3F487",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=mmr_sf-EN_US000061675\u0026withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience."
    },
    {
      "lang": "es",
      "value": "Ha sido identificada una vulnerabilidad de seguridad en HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack para Cisco, SimpliVity OmniStack para Lenovo y SimpliVity OmniStack para nodos Dell. Dos API ahora en desuso ejecutadas como root, aceptan una ruta de nombre de archivo y pueden ser usadas para crear o eliminar archivos arbitrarios en los nodos. Estas API no requieren autenticaci\u00f3n de usuario y son accesibles a trav\u00e9s de la red de administraci\u00f3n, resultando en vulnerabilidades de disponibilidad e integridad remotas para todos los clientes que ejecutan HPE OmniStack versi\u00f3n 3.7.9 y anteriores. HPE recomienda actualizar el software OmniStack a la versi\u00f3n 3.7.10 o posterior, que contiene una resoluci\u00f3n permanente. Los clientes y socios que pueden actualizar a la versi\u00f3n 3.7.10 deben actualizar lo m\u00e1s pronto posible. Para todos los clientes y socios que no pueden actualizar sus entornos a la versi\u00f3n recomendada 3.7.10, HPE ha creado una Soluci\u00f3n Temporal https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026amp;docId=mmr_sf-EN_US000061675\u0026amp;withFrame para que la implementen. Todos los clientes deben actualizar a la versi\u00f3n 3.7.10 o posterior recomendada lo m\u00e1s pronto posible."
    }
  ],
  "id": "CVE-2019-11993",
  "lastModified": "2024-11-21T04:22:07.477",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-03T18:15:09.640",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03955en_us"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202001-0645

Vulnerability from variot - Updated: 2023-12-18 12:35

There are security holes in many HPE products

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0645",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simplivity 380 gen10 g",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.7.8"
      },
      {
        "model": "simplivity omnistack for cisco",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.7.9"
      },
      {
        "model": "simplivity omnistack for cisco",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.0.8"
      },
      {
        "model": "simplivity omnistack for lenovo",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.7.9"
      },
      {
        "model": "simplivity omnicube",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.7.9"
      },
      {
        "model": "simplivity 380 gen10 g",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.7.9"
      },
      {
        "model": "simplivity 380 gen9",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.6.2"
      },
      {
        "model": "simplivity omnistack for lenovo",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.0.8"
      },
      {
        "model": "simplivity 380 gen9",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.7.9"
      },
      {
        "model": "simplivity omnicube",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.0.8"
      },
      {
        "model": "simplivity omnistack for dell",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.0.8"
      },
      {
        "model": "simplivity omnistack for dell",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.7.9"
      },
      {
        "model": "simplivity 380 gen10",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.7.1"
      },
      {
        "model": "simplivity 380 gen10",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.7.9"
      },
      {
        "model": "simplivity 2600 gen10",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.7.5"
      },
      {
        "model": "simplivity 2600 gen10",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "3.7.9"
      },
      {
        "model": "simplivity 2600 gen 10",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "simplivity 380 gen 10 g",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "simplivity 380 gen 10",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "simplivity 380 gen 9",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "simplivity omnicube",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "simplivity omnistack for cisco",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "simplivity omnistack for dell",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "simplivity omnistack for lenovo",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "simplivity gen9",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "380\u003e=3.6.2,\u003c=3.7.9"
      },
      {
        "model": "simplivity gen10 g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "380\u003e=3.7.8,\u003c=3.7.9"
      },
      {
        "model": "simplivity gen10",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": "2600\u003e=3.7.5,\u003c=3.7.9"
      },
      {
        "model": "simplivity omnicube",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "hp",
        "version": "3.0.8,\u003c=3.7.9"
      },
      {
        "model": "simplivity omnistack for cisco",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "hp",
        "version": "3.0.8,\u003c=3.7.9"
      },
      {
        "model": "simplivity omnistack for lenovo",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "hp",
        "version": "3.0.8,\u003c=3.7.9"
      },
      {
        "model": "simplivity omnistack for dell",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "hp",
        "version": "3.0.8,\u003c=3.7.9"
      },
      {
        "model": "simplivity 2600 gen10",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "simplivity 380 gen10 g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "simplivity omnistack for cisco",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "simplivity omnistack for dell",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "simplivity omnistack for lenovo",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "simplivity 380 gen10",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "simplivity omnicube",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "simplivity 380 gen9",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hp",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014157"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11993"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-074"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_380_gen9_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.6.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_380_gen9:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_380_gen10_g_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.7.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_380_gen10_g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_380_gen10_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.7.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_380_gen10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_2600_gen10_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.7.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_2600_gen10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_omnicube_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.0.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_omnicube:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_omnistack_for_dell_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.0.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_omnistack_for_dell:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_omnistack_for_cisco_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.0.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_omnistack_for_cisco:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:simplivity_omnistack_for_lenovo_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7.9",
                    "versionStartIncluding": "3.0.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:simplivity_omnistack_for_lenovo:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-11993"
      }
    ]
  },
  "cve": "CVE-2019-11993",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.4,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-11993",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-04654",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-11993",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-11993",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-04654",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-074",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-11993",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04654"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11993"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014157"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11993"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-074"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=mmr_sf-EN_US000061675\u0026withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience. plural HPE SimpliVity The product contains an unspecified vulnerability.Information may be altered. \n\r\n\r\nThere are security holes in many HPE products",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-11993"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014157"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-04654"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11993"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-11993",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014157",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-04654",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-074",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11993",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04654"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11993"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014157"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11993"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-074"
      }
    ]
  },
  "id": "VAR-202001-0645",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04654"
      }
    ],
    "trust": 1.35
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04654"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:35:48.624000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hpesbhf03955en_us",
        "trust": 0.8,
        "url": "https://support.hpe.com/hpesc/public/docdisplay?doclocale=en_us\u0026docid=emr_na-hpesbhf03955en_us"
      },
      {
        "title": "Patch for Unknown vulnerabilities in multiple HPE products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/199971"
      },
      {
        "title": "Multiple HPE Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108268"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014157"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-074"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-11993"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11993"
      },
      {
        "trust": 1.7,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03955en_us"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11993"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04654"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11993"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014157"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11993"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-074"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04654"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11993"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014157"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11993"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-074"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-04654"
      },
      {
        "date": "2020-01-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-11993"
      },
      {
        "date": "2020-02-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014157"
      },
      {
        "date": "2020-01-03T18:15:09.640000",
        "db": "NVD",
        "id": "CVE-2019-11993"
      },
      {
        "date": "2020-01-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-074"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-04654"
      },
      {
        "date": "2020-01-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-11993"
      },
      {
        "date": "2020-02-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014157"
      },
      {
        "date": "2020-01-21T20:41:56.147000",
        "db": "NVD",
        "id": "CVE-2019-11993"
      },
      {
        "date": "2020-01-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-074"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  HPE SimpliVity Product vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014157"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-074"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-11993 (GCVE-0-2019-11993)

GHSA-8F22-PCX4-9XQM

CNVD-2020-04654

GSD-2019-11993

FKIE_CVE-2019-11993

VAR-202001-0645

Tags

Sightings

Nomenclature